Here’s a more polished and presentable version of your content, with improved formatting, clarity, and additional resources for better understanding:
Administrative Tasks¶
Introduction¶
Administrative tasks are responsibilities managed by system administrators (sysadmins). Sysadmins are IT professionals who ensure an organization's computer systems function efficiently and meet operational needs. Their duties include supporting, troubleshooting, and maintaining computer servers and networks.
In this section, we will discuss:
- Managing user and group accounts and related system files.
- Automating system administrative tasks by scheduling jobs.
- Localization and internationalization.
Manage User and Group Accounts and Related System Files¶
Managing User and Group Accounts¶
Linux provides robust tools for managing user and group accounts, which are essential for system security and resource allocation.
User Accounts¶
1. Adding Users
Use the useradd command to create new users.
useradd username # Creates a user with no home directory
Common Flags for useradd
-m: Creates a home directory for the user.-d: Specifies a custom home directory.-c: Adds a comment (e.g., user description).-g: Assigns the user to a group.-s: Specifies the login shell.
Examples:
useradd -m username
useradd -d /path/to/home username
useradd -c "Comment about the user" username
useradd -g groupname username
useradd -s /path/to/shell username
2. Managing Users
- Change Password: Use
passwd.
sh
passwd username
passwd -e username # Immediately expires a user's password
- Modify User Attributes: Use
usermod.
sh
usermod -l new_username old_username # Change username
usermod -c "New comment" username # Modify comment
usermod -g groupname username # Change primary group
usermod -d /path/to/home username # Change home directory
- Display User Information: Use
id.
sh
id username
- List User Groups: Use
groups.
sh
groups username
- Delete a User: Use
userdel.
sh
userdel username
- Manage Password Aging: Use
chage.
sh
chage -l username # Show password aging information
chage -m 14 -M 90 -W 7 username # Set minimum (14 days), maximum (90 days), and warning period (7 days)
chage -E year-month-day username # Set expiration date
3. Filter System Databases
Use getent to retrieve information from system databases.
getent passwd username # Retrieve user password entry
getent group groupname # Retrieve group information
Group Accounts¶
1. Creating Groups
Use groupadd to create a new group.
groupadd groupname
2. Managing Groups
- Modify Group Attributes: Use
groupmod.
sh
groupmod -n new_group_name groupname
- Delete a Group: Use
groupdel.
sh
groupdel groupname
Related Files¶
- /etc/passwd: Stores user account information (Username, Password, UID, GID, Comment, Home Directory, Shell).
- /etc/shadow: Stores encrypted user passwords and password aging details.
- /etc/group: Stores group information (Group Name, Password, GID, Member List).
- /etc/gshadow: Stores encrypted group passwords and group administrators.
- /etc/skel: Template directory copied when creating new users.
- /etc/login.defs: Contains system-wide defaults for user account management (e.g., password aging, UID/GID ranges).
Permissions and Ownership¶
- Change Ownership: Use
chown.
sh
chown username:groupname filename
- Change Group Ownership: Use
chgrp.
sh
chgrp groupname filename
- Change File Permissions: Use
chmod.
sh
chmod 755 filename # Owner: read/write/execute, Group: read/execute, Others: read/execute
Security Best Practices¶
- Strong Passwords: Enforce complexity policies.
- Limited Permissions: Grant only necessary permissions to users.
- Account Review: Identify and disable unused accounts.
- Password Rotation: Require users to change passwords regularly.
- System Updates: Patch vulnerabilities promptly.
Commands Comparison¶
1. passwd and chage¶
passwd Command |
chage Command |
Description |
|---|---|---|
passwd -n |
chage -m |
Set minimum password lifetime. |
passwd -x |
chage -M |
Set maximum password lifetime. |
passwd -w |
chage -W |
Set warning period before password expires. |
passwd -i |
chage -I |
Set inactivity period after password expiration. |
passwd -S |
chage -l |
Show password aging information. |
2. passwd and usermod¶
passwd Command |
usermod Command |
Description |
|---|---|---|
passwd -l |
usermod -L |
Lock a user account. |
passwd -u |
usermod -U |
Unlock a user account. |
3. useradd and usermod¶
| Option | usermod |
useradd |
Description |
|---|---|---|---|
-e |
Reset expiration date | Set expiration date | Manage account expiration. |
-s |
Change login shell | Set login shell | Specify user shell. |
-c |
Modify comment | Create user with comment | Add or update user description. |
-d |
Change home directory | Set home directory | Manage user home directory. |
-g |
Change primary group | Add primary group | Assign primary group. |
-G, -aG |
Add to secondary group | Add to secondary group | Manage secondary group membership. |
Additional Resources¶
- Linux Documentation: Refer to the official Linux man pages for detailed command usage (
man useradd,man usermod, etc.). - Security Guides: Explore security best practices from resources like the CIS Benchmarks.
- Automation Tools: Learn about scripting and automation with tools like
cronandAnsible. - Online Courses: Platforms like Linux Academy and Coursera offer in-depth Linux administration courses.